
Hello there and welcome to Bleeping Computer's security forum. My name is David, I will be helping you with your log today.

It is a good idea to print off these instructions. There is a possibility some of the instructions will need to be carried out where internet access is not available. It is important that you complete the instructions in the right order, and that you don't miss out any steps.

Please set your system to show all files. Click Start, open My Computer, select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders. Uncheck: Hide file extensions for known file types. Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm.

Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:

Click on Fix Checked when finished and exit HijackThis. Make sure your Internet Explorer is closed when you click Fix Checked!

Now reboot into Safe Mode. This can be done by tapping the F8 key as soon as you start your computer. You will be brought to a menu where you can choose to boot into safe mode. Make sure you choose the option without networking support.

Using Windows Explorer, please locate the following folders, and delete them if still present:

I want you to clean your cache and cookies from your Internet Explorer. There are a few infected files which need to be removed from your system.

° Close all instances of Internet Explorer.
° Go to your control panel and open "Internet Options".
° Click on the "General" tab.
° Click the "Delete Cookies" button, then the "Delete Files" button.
° If prompted, place a tick in the "Delete all offline content" box and click OK.

Also, please clean other Temporary files and Empty the Recycle Bin

° Go to start and click on the "run" button.
° Type the following in the box --> cleanmgr and click ok.
° Let it scan your system for files to remove.
° Make sure only Temporary Files, Temporary Internet Files, and Recycle Bin are checked.
° Press OK to remove them.

Follow the prompts that will be displayed on the screen. Don't click on the window while the fix is running, because that will cause your system to hang. When finished, it should produce a log, combofix.txt. Post this log in your next reply together with a new HijackThis log.

3wPlayer is a rogue media player software application bundled with trojans that can infect computers running Microsoft Windows. It is designed to exploit users who download video files, instructing them to download and install the program in order to view the video. The 3wPlayer is infected with Trojan.Win32.Obfuscated.en according to Kaspersky Anti-virus.

Please set your system to show all files. Click Start, open My Computer, select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders. Uncheck: Hide file extensions for known file types. Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm.

Now reboot into Safe Mode. This can be done by tapping the F8 key as soon as you start your computer. You will be brought to a menu where you can choose to boot into safe mode. Make sure you choose the option without networking support.

Using Windows Explorer, please locate the following folders, and delete them if still present:

Please perform this online scan: Kaspersky Webscan. Note that this scanner will only work on Internet Explorer, so please use this browser for the scan. Read the Requirements and Privacy statement, then select "Accept". A dialogue box will appear asking "Do you want to install this software?" Name: kavwebscan_unicode.cab. Select "Install" to download the ActiveX controls that allow ActiveScan to run.

When the download is complete it will say ready, click "Next". Select a target to scan: Click on "My Computer". When the scan is complete choose to save the results as "Save as Text". Post the Kaspersky scan results in your next reply, along with a new HijackThis log.

I have another question, did you install these two antispyware programs intentionally?: 'AdwareAlert' + 'SpywareBot'

To David: I know I never intentionally installed AdwareAlert, but I am not sure with SpywareBot, as I know I installed Spybot; whether that is the same thing or not I am not sure. They all seem to use a name similar to each other these days.

Double-click the Java icon in the control panel. The Java Control Panel appears. Click Settings under Temporary Internet Files. The Temporary Files Settings dialog box appears.

Click Delete Files. The Delete Temporary Files dialog box appears.

There are three options on this window to clear the cache.
- Delete Files
- View Applications
- View Applets

Click OK on Delete Temporary Files window. Note: This deletes all the Downloaded Applications and Applets from the cache.

Click OK on Temporary Files Settings window. Note: If you want to delete a specific application and applet from the cache, click on View Application and View Applet options respectively.

Please find and delete this infected installer (the one that infected you): C:\Documents and Settings\Nicholas\My Documents\3wPlayer-1.5.0.0-setup-0593.exe

We need to purge your infected system restore points. On the Desktop, right-click My Computer, then click Properties. Click the System Restore tab near the top of the window. Check Turn off System Restore, click Apply, and then click OK. More information on how to disable your system restore can be found here.

We want to create a new, clean restore point. Please first reboot your computer. On the Desktop, right-click My Computer, then click Properties. Click the System Restore tab near the top of the window. Uncheck "Turn off System Restore", click Apply, and then click OK.

Click Start > All Programs > Accessories > System Tools, and select System Restore. In the System Restore wizard, select the box next to the text labeled "Create a restore point" and click the Next button. Type a description for your new restore point - Something like "After trojan/spyware cleanup". Click Create, and after it has created the restore point, click "Close". Further instructions on creating a restore point can be found here.

Before I let you go, uninstall both AdwareAlert and SpywareBot from add/remove in the control panel. They are dodgy programs, and personally, I wouldn't trust them on my own PC.

The latest log is looking clean! Follow this list and your potential for being infected again will be reduced dramatically.

Use an Anti Virus Software -
* It is very important that your computer has an anti-virus software running on your machine.
* This alone can save you a lot of trouble with malware in the future. See this link for a listing of some on line & their stand-alone anti virus programs:
* Click here for more information on -> Computer Safety On line - Anti-Virus
* I would recommend Grisoft's AVG or AVAST.
* These are the more secure and better ones.

Update your Anti Virus Software - It is imperative that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.

Use a Firewall -
* I can not stress how important it is that you use a Firewall on your computer.
* Without a firewall your computer is susceptible to being hacked and taken over.
* Simply using a Firewall in its default configuration can lower your risk greatly.
* For an article on Firewalls and a listing of some available ones see the link below:
* Click here for more information on -> Computer Safety On line - Software Firewalls
* I would recommend ZoneAlarm as a firewall as it's easy to use.

Visit Microsoft's Windows Update Site Frequently -
* It is important that you visit http://www.windowsupdate.com regularly.
* This will ensure your computer has always the latest security updates available installed on your computer.
* If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Next, if they're not already present, I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly

Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. If you wish to learn how to use HijackThis to remove malware, you might like to join the Malware Removal Training Program!